Tuesday, March 8, 2016

The February Security Dev Blog: EVE Online, Overlays, and You

For some reason, people want me to analyze the latest dev blog published by Team Security, "Overlays, ISK Buyer Amnesty and Account Security". I refuse to comment on the thread on the EVE Online forums for two reasons. The first is the deleterious effect of visiting the forums may have on my mental health. The second, more serious reason, is I don't want to receive a forum ban, or perhaps even a temporary vacation from EVE. I do read the rules and what follows does break some of the EVE Online forum rules, especially:
22. Posting regarding RMT (Real Money Trading) is prohibited.

Posts discussing, linking to, or advertising RMT, including but not limited to the sale of in game items, assets, currency, characters or game accounts for real life money are strictly prohibited.

32. Rumor mongering is prohibited.

Rumor threads and posts which are based off no actual solid information and are designed to either troll or annoy other users will be locked and removed. These kinds of threads and posts are detrimental to the wellbeing and spirit of the EVE Online Community, and can create undue panic among forum users, as well as adding to the workload of our moderators.

I don't believe anything that follows violates point 32, but I'm sure ISD would disagree. See, I just violated another rule:
12. Discussion of forum moderation is prohibited.

The discussion of EVE Online forum moderation actions generally leads to flaming, trolling and baiting of our ISD CCL moderators. As such, this type of discussion is strictly prohibited under the forum rules. If you have questions regarding the actions of a moderator, please file a support ticket under the Community & Forums Category.
Much safer to just write my comments on the blog and avoid all the danger.

Still reading? Then put on your tin foil hats and let's take another journey down the EULA rabbit hole and try to figure out what the security dev blog means.

A lot of people say that CCP's EULA, Terms of Service, Third Party Policies, etc, are convoluted and difficult to understand, even when spelled out plainly. Here's some footage taken in Reykjavik last year when I asked Team Security a question that Shadowandlight posed to me during last year's input broadcasting kerfluffle:



Admittedly, the question on what CCP considered a macro was clearly spelled out in a dev blog in December 2014, so I understood the perplexion. My guess is that the security team is detecting a lot of bannable behavior so is putting out the dev blog before dropping the hammer down on the offending players.

In the first section, "EVE Online, Overlays, and You", CCP performs a point-by-point explanation of a paragraph from the Third Party Policies page:
"We do not endorse or condone the use of player-made software or any other third party applications or software that confers an unfair benefit to players. We may, in our discretion, tolerate the use of applications or other software that simply enhance player enjoyment in a way that maintains fair gameplay. However, if any third party application or other software is used to gain any unfair advantage, or is used for purposes beyond its intended use, or if the application or other software violates other parts of the EULA, we may fully enforce our rights to prohibit such use, including player bans. Please use player-made or other third party software at your own risk."
For those wondering, I used the Internet Wayback Machine and found the same language on the page back in February 2014. I also discovered that CCP changed all the links to these pages so I need to go back and redo the links on a lot of posts. Thanks CCP!

The security blog lists five major points that players should take away from the dev blog:

1. We do not endorse or condone the use of any third party applications or other software that modifies the client or otherwise confers an unfair benefit to players.
​​​In short: Do NOT use any tools/applications/modifications which either modify the client in any way OR provide you any kind of unfair benefit/advantage.
Yeah. The "fairness" question. In the comments on the forums, all the naysayers drove right for that hole in the logic.

2. We may, in our discretion, tolerate the use of applications or other software that simply enhance player enjoyment in a way that maintains fair gameplay.
AS LONG AS it’s fair to everybody - neither you nor anybody else gets any unfair advantage – we are fine with it.
Once again, the fairness question. I know for legal reasons CCP does not want to change the EULA unless absolutely necessary. But I don't like the unnamed exceptions policy, although that issue is partially addressed in the next point.

3. For instance, the use of programs that provide in-game overlays (Mumble, Teamspeak) is not something we plan to actively police at this time.
This is an example of something we do NOT consider unfair, for now. This also includes other in-game overlays which do NOT grant you any unfair advantage. We do not consider it an unfair advantage if you can see who is currently talking in your voice communication tool via the means of an in-game overlay. We also do NOT consider it unfair if you use other comfort overlays which do not affect how the game is played. This includes overlays for chat and IM applications, the Steam overlay, and Web-Browser overlays for example.
At this point I really wanted the dev blog to explain what an overlay is and give some examples of how overlays can perform evil actions within the game client. The dev blog only went over benign uses of overlays.

4. However, if any third party application or other software is used to gain any unfair advantage, or for purposes beyond its intended use, or if the application or other software violates other parts of the EULA, we may fully enforce our rights to prohibit such use, including player bans.
We do consider overlays using elements of a second or multiple other EVE clients to be against the rules. It changes the way the game is played and grants the player unfair advantages over other players. For example, having overviews from other EVE clients as overlays on one EVE client would allow a player to get real time intel from all those other game instances without having to switch to the other windows. Similarly, overlays using elements from a second or multiple other EVE clients to allow the player to activate modules etc. on those other game instances without switching to the other client windows are clearly in violation of our rules.
"We do consider overlays using elements of a second or multiple other EVE clients to be against the rules." This sentence is why I wish that overlays were more clearly defined. I remember the ISBoxer forum war of 2014-2015 and learning that ISBoxer could call an executable, DXNothing, that allowed ISBoxer users to create their own custom clients that could control a dozen different clients at the same time. I have an example from a video made in February 2015 below.


Doesn't look like a normal EVE client, does it? This is what the dev blog refers to.
2. You may not use your own or third-party software to modify any content appearing within the Game environment or change how the Game is played.
Now for an important note. If you do what the person in the video did, YOU WILL GET BANNED. So don't do it.

Of course, those unfamiliar with the controversy leading up to last year's Fanfest probably leapt to thinking of the windows management capability of applications like ISBoxer and Eve-O Preview as overlays that are now banned since those applications were not specifically mentioned.


5. Please use such third party applications or other software at your own risk.
Please be aware of the fact that we do a lot of data analysis which grants us insight into behavior patterns and allows us to detect anomalies. In a lot of cases we do not need to know what you do on the client side because looking at the behavior in our very detailed event logs on the server side allows us to see if you have/had an unfair advantage over anybody else including the game environment. We don’t know all the tools out there and what they do exactly - and frankly we don’t care. If you get banned, then this is because the results of what you did and how you potentially gained from it manifested in our server-side logs.
I feel the reason a lot of players threw fits over the dev blog was the final point in the overlay section. Players want things spelled out in detail. Thus, they want CCP to tell them that application X is bad while application Y is good. Team Security, on the other hand, does not want to get into a war with the developers of dodgy software, so does not want to give such approval. Doing server-side detection, while not perfect, allows CCP to work on modifying behavior, not software. After all, why combat four different developers when their applications all do the same thing?

Happily, the opening post in the comments said that Team Security would answer questions and they delivered. Here are some questions and answers from the comments.

Dart Aurel: 

There are 2 questions regarding windows switching policy points:

1. Is it prohibited to have 2 clients open and visible each on its own monitor?

2. I play EVE Online under Linux + Wine. Also I have tiled WM (xmonad) which allows to switch windows really fast (<50ms an="" delay="" exploit="" fair="" i="" is="" it="" or="" this="" use="">

CCP Grimmi: 

1. Surprise, we are not banning monitors. Assuming all EVE Clients are used as shipped by CCP then this is fine.

2. We do not see any issues with this. Switching between the EVE Client windows is part of regular and very welcome multiboxing. Being good at it is not a ban-able offense

Mail Lite:

Just wanted to check with you about 'Pirates Little Helper'.

It is a programme were you CTRL-A CTRL+C in local and it brings it up out of game, you get little icons which show what militia they are in, whether they are known to be link toons or whether they USE link toons. It also shows how many of each corp/alliance or in local without trolling though them.

It gives you instant access to their KB, their last KB activity and what their 3 favourite ships are. It also gives the average number of pilots on all of their killmails (good for identifying gangs/bait) 

Can you confirm this is something that is ok to use?

CCP Grimmi:

Applications/tools that do modify the client, do extract or try to interpret any information from within the clients window, do interact with the client (sending data/keystrokes to the client window), do inject anything into the clients memory or try to interact with the client in any way which cannot be achieved without using said applications/tools, are not allowed. As of today, the tool you are asking about, 'Pirates Little Helper', is a stand alone application which does not do any of the above to/with the EVE Client and we therefore do not see any reason to outlaw its usage.

Koz Katral:

But what about eve preview? in theory it should be ok because it doesn't isolate any individual elements and just displays the entire client window. 

CCP Grimmi:

Overlays which contain a full, unchanged, EVE Client instance in a view only mode, no matter how large or small they are scaled, like it is done by EVE-O Preview as of today, are fine with us. These overlays do not allow any direct interaction with the EVE Client and you have to bring the respective EVE Client to the front/put the window focus on it, in order to interact with it.

Nikolai Agnon:

Summarized question: Am I allowed to have specific EVE Client windows pinned to all of my virtual desktops in order to, for example, keep the EVE Clients with my scout Characters in my line of sight at any point in time and no matter on which virtual desktop I am?

CCP Grimmi:

Yes, absolutely.

Matthew Reddy:

Can i use ISBoxer for window management as long as i do not broadcast?. Can i get a clear answer on this?

CCP Grimmi:

Yes, window management, of unmodified/untampered EVE Client windows, is allowed using ISBoxer or any other applications/tools.

Papa Django:

A last question, is your detection methodology takes account about pvp or not ? I do not do pvp anymore. I do industry and trade. What kind of "unfair advantages" could i have in this case ?

CCP Grimmi:

All activity within the game world is subject to our detection methodology. With all players on a single server and in direct competition with each other even your trade and industry activities are PvP. Any type of automation would give you unfair advantages, for example.

A Nony Mouse:

How will you differentiate between operating systems which allow overlay like behaviour for task switching and overlay tools. Windows 10 for example lets you see multiple windows in large enough thumbnails to read and monitor just by pressing Windows + Tab.

CCP Grimmi:

We do not necessarily need to differentiate between different systems. If the logs show activity that should not be possible through normal means, we will take action.

Rain6637:

Say I have eight screens next to each other in a 2x4 grid, and several of them are scouts in neighboring systems, or cloaked on every hole in a wormhole chain. I don't use any client overlays because they're all side by side and I can see them just fine. Am I breaking rules about unfair advantages?

CCP Grimmi:

We are not banning monitors. Assuming all EVE Clients are used as shipped by CCP then this is fine

Lucas Kell:

As an example, this is something that is readily achievable with EVE-O preview. Would as setup like this be against the EULA?

CCP Grimmi:

Having many clients visible at the same time is not something we intend to ban.


Or, in other words, NOTHING. HAS. CHANGED. Well, at least nothing has changed in connection with third party software. The amnesty initiative is another story.

TO BE CONTINUED...

No comments:

Post a Comment